AWS iot documentation change
Summary
Corrected URL syntax in confused deputy prevention documentation
Security assessment
While the document discusses security patterns (confused deputy prevention), the changes only fix URL formatting without introducing new security guidance or addressing vulnerabilities.
Diff
diff --git a/iot/latest/developerguide/cross-service-confused-deputy-prevention.md b/iot/latest/developerguide/cross-service-confused-deputy-prevention.md index d5e208719..0f7f4fa77 100644 --- a//iot/latest/developerguide/cross-service-confused-deputy-prevention.md +++ b//iot/latest/developerguide/cross-service-confused-deputy-prevention.md @@ -94 +94 @@ The role with the following trust policy can only be assumed by the IoT principa -In [just-in-time provisioning (JITP)](https://docs.aws.amazon.com/iot/latest/developerguide/jit-provisioning.html), you can either use provisioning template as a resource separate from the CA or define the template body and the role as part of the CA certificate configuration. The value of `aws:SourceArn` in the AWS IoT role trust policy depends on how you define the provisioning template. +In [just-in-time provisioning (JITP)](https://docs.aws.amazon.com//iot/latest/developerguide/jit-provisioning.html), you can either use provisioning template as a resource separate from the CA or define the template body and the role as part of the CA certificate configuration. The value of `aws:SourceArn` in the AWS IoT role trust policy depends on how you define the provisioning template. @@ -143 +143 @@ In the UpdateCACertificate call, provide a `RegistrationConfig` that includes th -For [AWS IoT Core credential provider](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html), use the same AWS account you use to create the role alias in `aws:SourceAccount`, and specify a statement that matches the resource ARN of the rolealias resource type in `aws:SourceArn`. When creating an IAM role for use with AWS IoT Core credential provider, you must include in the `aws:SourceArn` condition the ARNs of any role aliases that might need to assume the role, thereby authorizing the cross-service `sts:AssumeRole` request. +For [AWS IoT Core credential provider](https://docs.aws.amazon.com//iot/latest/developerguide/authorizing-direct-aws.html), use the same AWS account you use to create the role alias in `aws:SourceAccount`, and specify a statement that matches the resource ARN of the rolealias resource type in `aws:SourceArn`. When creating an IAM role for use with AWS IoT Core credential provider, you must include in the `aws:SourceArn` condition the ARNs of any role aliases that might need to assume the role, thereby authorizing the cross-service `sts:AssumeRole` request.